diff options
Diffstat (limited to 'framework/Web/UI/ActiveControls/TActiveFileUpload.php')
| -rwxr-xr-x | framework/Web/UI/ActiveControls/TActiveFileUpload.php | 115 |
1 files changed, 56 insertions, 59 deletions
diff --git a/framework/Web/UI/ActiveControls/TActiveFileUpload.php b/framework/Web/UI/ActiveControls/TActiveFileUpload.php index 10aa2ed3..b478e119 100755 --- a/framework/Web/UI/ActiveControls/TActiveFileUpload.php +++ b/framework/Web/UI/ActiveControls/TActiveFileUpload.php @@ -1,11 +1,10 @@ <?php /** * TActiveFileUpload.php - * + * * @author Bradley Booms <Bradley.Booms@nsighttel.com> * @author Christophe Boulain <Christophe.Boulain@gmail.com> * @author Gabor Berczi <gabor.berczi@devworx.hu> (issue 349 remote vulnerability fix) - * @version $Id: TActiveFileUpload.php 3232 2013-01-02 14:42:24Z ctrlaltca $ * @package System.Web.UI.ActiveControls */ @@ -17,7 +16,7 @@ Prado::using('System.Web.UI.WebControls.TFileUpload'); /** * TActiveFileUpload - * + * * TActiveFileUpload displays a file upload field on a page. Upon postback, * the text entered into the field will be treated as the name of the file * that will be uploaded to the server. The property {@link getHasFile HasFile} @@ -31,22 +30,21 @@ Prado::using('System.Web.UI.WebControls.TFileUpload'); * * TActiveFileUpload raises {@link onFileUpload OnFileUpload} event if a file is uploaded * (whether it succeeds or not). - * + * * TActiveFileUpload actually does a postback in a hidden IFrame, and then does a callback. * This callback then raises the {@link onFileUpload OnFileUpload} event. After the postback * a status icon is displayed; either a green checkmark if the upload is successful, * or a red x if there was an error. - * + * * @author Bradley Booms <Bradley.Booms@nsighttel.com> * @author Christophe Boulain <Christophe.Boulain@gmail.com> - * @version $Id: TActiveFileUpload.php 3232 2013-01-02 14:42:24Z ctrlaltca $ * @package System.Web.UI.ActiveControls */ -class TActiveFileUpload extends TFileUpload implements IActiveControl, ICallbackEventHandler, INamingContainer +class TActiveFileUpload extends TFileUpload implements IActiveControl, ICallbackEventHandler, INamingContainer { - + const SCRIPT_PATH = 'prado/activefileupload'; - + /** * @var THiddenField a flag to tell which component is doing the callback. */ @@ -68,7 +66,7 @@ class TActiveFileUpload extends TFileUpload implements IActiveControl, ICallback */ private $_target; - + /** * Creates a new callback control, sets the adapter to * TActiveControlAdapter. If you override this class, be sure to set the @@ -78,8 +76,8 @@ class TActiveFileUpload extends TFileUpload implements IActiveControl, ICallback parent::__construct(); $this->setAdapter(new TActiveControlAdapter($this)); } - - + + /** * @param string asset file in the self::SCRIPT_PATH directory. * @return string asset file url. @@ -89,8 +87,8 @@ class TActiveFileUpload extends TFileUpload implements IActiveControl, ICallback $base = $this->getPage()->getClientScript()->getPradoScriptAssetUrl(); return $base.'/'.self::SCRIPT_PATH.'/'.$file; } - - + + /** * This method is invoked when a file is uploaded. * If you override this method, be sure to call the parent implementation to ensure @@ -103,10 +101,10 @@ class TActiveFileUpload extends TFileUpload implements IActiveControl, ICallback // save the file so that it will persist past the end of this return. $localName = str_replace('\\', '/', tempnam(Prado::getPathOfNamespace($this->getTempPath()),'')); parent::saveAs($localName); - + $filename=addslashes($this->getFileName()); - - + + $params = new TActiveFileUploadCallbackParams; $params->localName = $localName; $params->fileName = $filename; @@ -128,11 +126,11 @@ class TActiveFileUpload extends TFileUpload implements IActiveControl, ICallback parent.Prado.WebUI.TActiveFileUpload.onFileUpload(Options); </script> EOS; - + exit(); } } - + /** * @return string the path where the uploaded file will be stored temporarily, in namespace format * default "Application.runtime.*" @@ -140,7 +138,7 @@ EOS; public function getTempPath(){ return $this->getViewState('TempPath', 'Application.runtime.*'); } - + /** * @param string the path where the uploaded file will be stored temporarily in namespace format * default "Application.runtime.*" @@ -148,7 +146,7 @@ EOS; public function setTempPath($value){ $this->setViewState('TempPath',$value,'Application.runtime.*'); } - + /** * @return boolean a value indicating whether an automatic callback to the server will occur whenever the user modifies the text in the TTextBox control and then tabs out of the component. Defaults to true. * Note: When set to false, you will need to trigger the callback yourself. @@ -156,7 +154,7 @@ EOS; public function getAutoPostBack(){ return $this->getViewState('AutoPostBack', true); } - + /** * @param boolean a value indicating whether an automatic callback to the server will occur whenever the user modifies the text in the TTextBox control and then tabs out of the component. Defaults to true. * Note: When set to false, you will need to trigger the callback yourself. @@ -164,49 +162,49 @@ EOS; public function setAutoPostBack($value){ $this->setViewState('AutoPostBack',TPropertyValue::ensureBoolean($value),true); } - + /** * @return string A chuck of javascript that will need to be called if {{@link getAutoPostBack AutoPostBack} is set to false} - */ + */ public function getCallbackJavascript(){ return "Prado.WebUI.TActiveFileUpload.fileChanged(\"{$this->getClientID()}\")"; } - + /** * @throws TInvalidDataValueException if the {@link getTempPath TempPath} is not writable. */ public function onInit($sender){ parent::onInit($sender); - + if (!Prado::getApplication()->getCache()) if (!Prado::getApplication()->getSecurityManager()) throw new Exception('TActiveFileUpload needs either an application level cache or a security manager to work securely'); - + if (!is_writable(Prado::getPathOfNamespace($this->getTempPath()))){ throw new TInvalidDataValueException("activefileupload_temppath_invalid", $this->getTempPath()); } } - + /** * Raises <b>OnFileUpload</b> event. - * - * This method is required by {@link ICallbackEventHandler} interface. + * + * This method is required by {@link ICallbackEventHandler} interface. * This method is mainly used by framework and control developers. * @param TCallbackEventParameter the event parameter */ public function raiseCallbackEvent($param){ $cp = $param->getCallbackParameter(); if ($key = $cp->targetID == $this->_target->getUniqueID()){ - + $params = $this->popParamsByToken($cp->callbackToken); - + $_FILES[$key]['name'] = $params->fileName; $_FILES[$key]['size'] = intval($params->fileSize); $_FILES[$key]['type'] = $params->fileType; $_FILES[$key]['error'] = intval($params->errorCode); $_FILES[$key]['tmp_name'] = $params->localName; $this->loadPostData($key, null); - + $this->raiseEvent('OnFileUpload', $this, $param); } } @@ -220,7 +218,7 @@ EOS; { $this->onFileUpload($this->getPage()->getRequest()->itemAt('TActiveFileUpload_TargetId')); } - + protected function pushParamsAndGetToken(TActiveFileUploadCallbackParams $params) { if ($cache = Prado::getApplication()->getCache()) @@ -237,10 +235,10 @@ EOS; } else throw new Exception('TActiveFileUpload needs either an application level cache or a security manager to work securely'); - + return $token; } - + protected function popParamsByToken($token) { if ($cache = Prado::getApplication()->getCache()) @@ -260,7 +258,7 @@ EOS; throw new Exception('TActiveFileUpload needs either an application level cache or a security manager to work securely'); assert($params instanceof TActiveFileUploadCallbackParams); - + return $params; } @@ -277,14 +275,14 @@ EOS; $this->_errorCode = UPLOAD_ERR_FORM_SIZE; $localName = str_replace('\\', '/', tempnam(Prado::getPathOfNamespace($this->getTempPath()),'')); $fileName = addslashes($this->getFileName()); - + $params = new TActiveFileUploadCallbackParams; $params->localName = $localName; $params->fileName = $fileName; $params->fileSize = $this->getFileSize(); $params->fileType = $this->getFileType(); $params->errorCode = $this->getErrorCode(); - + echo <<<EOS <script language="Javascript"> Options = new Object(); @@ -295,35 +293,35 @@ EOS; Options.fileType = '{$params->fileType}'; Options.errorCode = '{$params->errorCode}'; Options.callbackToken = '{$this->pushParamsAndGetToken($params)}'; - parent.Prado.WebUI.TactiveFileUpload.onFileUpload(Options); + parent.Prado.WebUI.TActiveFileUpload.onFileUpload(Options); </script> EOS; } } - + public function createChildControls(){ $this->_flag = Prado::createComponent('THiddenField'); $this->_flag->setID('Flag'); $this->getControls()->add($this->_flag); - + $this->_busy = Prado::createComponent('TImage'); $this->_busy->setID('Busy'); $this->_busy->setImageUrl($this->getAssetUrl('ActiveFileUploadIndicator.gif')); $this->_busy->setStyle("display:none"); $this->getControls()->add($this->_busy); - + $this->_success = Prado::createComponent('TImage'); $this->_success->setID('Success'); $this->_success->setImageUrl($this->getAssetUrl('ActiveFileUploadComplete.png')); $this->_success->setStyle("display:none"); $this->getControls()->add($this->_success); - + $this->_error = Prado::createComponent('TImage'); $this->_error->setID('Error'); $this->_error->setImageUrl($this->getAssetUrl('ActiveFileUploadError.png')); $this->_error->setStyle("display:none"); $this->getControls()->add($this->_error); - + $this->_target = Prado::createComponent('TInlineFrame'); $this->_target->setID('Target'); $this->_target->setFrameUrl($this->getAssetUrl('ActiveFileUploadBlank.html')); @@ -331,14 +329,14 @@ EOS; $this->_target->setShowBorder(false); $this->getControls()->add($this->_target); } - - + + /** - * Removes localfile on ending of the callback. + * Removes localfile on ending of the callback. */ public function onUnload($param){ - if ($this->getPage()->getIsCallback() && - $this->getHasFile() && + if ($this->getPage()->getIsCallback() && + $this->getHasFile() && file_exists($this->getLocalName())){ unlink($this->getLocalName()); } @@ -367,7 +365,7 @@ EOS; public function addAttributesToRender($writer){ parent::addAttributesToRender($writer); $writer->addAttribute('id',$this->getClientID()); - + $this->getPage()->getClientScript()->registerPradoScript('activefileupload'); $this->getActiveControl()->registerCallbackClientScript($this->getClientClassName(),$this->getClientOptions()); } @@ -392,7 +390,7 @@ EOS; protected function getClientOptions(){ $options['ID'] = $this->getClientID(); $options['EventTarget'] = $this->getUniqueID(); - + $options['inputID'] = $this->getClientID(); $options['flagID'] = $this->_flag->getClientID(); $options['targetID'] = $this->_target->getUniqueID(); @@ -422,25 +420,25 @@ EOS; } /** - * @return TImage the image displayed when an upload + * @return TImage the image displayed when an upload * completes successfully. */ public function getSuccessImage(){ $this->ensureChildControls(); return $this->_success; } - + /** - * @return TImage the image displayed when an upload + * @return TImage the image displayed when an upload * does not complete successfully. */ public function getErrorImage(){ $this->ensureChildControls(); return $this->_error; } - + /** - * @return TImage the image displayed when an upload + * @return TImage the image displayed when an upload * is in progress. */ public function getBusyImage(){ @@ -451,10 +449,9 @@ EOS; /** * TActiveFileUploadCallbackParams is an internal class used by {@link TActiveFileUpload}. - * + * * @author Bradley Booms <Bradley.Booms@nsighttel.com> * @author Christophe Boulain <Christophe.Boulain@gmail.com> - * @version $Id: TActiveFileUpload.php 3232 2013-01-02 14:42:24Z ctrlaltca $ * @package System.Web.UI.ActiveControls */ class TActiveFileUploadCallbackParams |